Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts


Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.

Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.

ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • A new data wiper is targeting Linux x86 network devices

    March 20, 2024

    Hackers were observed targeting Linux x86 networking devices and Internet of Things (IoT) appliances with a new data wiper, called AcidPour. Data wipers are arguably among the most destructive forms of malware. Their goal is to simply destroy, or wipe, all of the data found on the compromised endpoint. They are used to disrupt companies and government ...

  • From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally

    March 20, 2024

    Today, Visa released the Spring 2024 Edition of its Biannual Threats Report, which outlines the top payment threats impacting consumers and businesses around the world. The report points to increasingly organized, sophisticated threat actors targeting the most vulnerable point in the payments’ ecosystem: humans. Read more… Source: Yahoo News  

  • Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures

    March 19, 2024

    The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way, Fluffy Wolf establishes remote access, steals credentials, or exploits the compromised infrastructure for mining The BI.ZONE Threat Intelligence team has detected a previously unknown cluster, dubbed Fluffy Wolf, whose activity can be traced back to ...

  • ‘Glitch’ at Ethiopia’s biggest bank sees customers withdraw millions that isn’t theirs

    March 19, 2024

    Ethiopia’s largest bank is struggling to recoup millions of dollars after a glitch over the weekend allowed customers to withdraw unlimited funds, according to local media reports. More than $40 million was reportedly withdrawn from the state-owned Commercial Bank of Ethiopia or transferred to other banks, as customers discovered they could withdraw more than their total ...

  • Social media influencers targeted by identity thieves

    March 19, 2024

    Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it’s no wonder they are targeted by scammers and spreaders of fake news. A subset of influencers are the so-called “finfluencers”: influencers that provide their followers with financial advice. Such a person influences the financial investment decisions of ...

  • Threat landscape for industrial automation systems. H2 2023

    March 19, 2024

    In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only ...